The growth of the Internet is driving the need for additional data storage capacity. While the need for data storage devices is readily met with additional storage devices, performance is often hindered by the manner in which access is provided to the data.
Many computer networks provide access to data through storage controllers, each of which controls access to one or more storage devices. A storage controller may create a bottleneck that limits data throughput if many client applications seek access to data controlled by the same storage controller, or each if a few client applications move a large quantity of data through the same storage controller.
A current solution to the problem is the used of network-attached secure devices (NASD). The NASD architecture allows client nodes to directly access specific storage objects by supporting a cache capability. The cache allows file data and some control information to be transmitted to a client node only once via the network, and there is no centralized storage controller to create a bottleneck. While this addresses the bottleneck issue, data security must now be addressed at the storage device level.
A common NASD architecture provides a NASD interface and file system where files and directories are stored in NASD objects. Each file and directory occupies a dedicated NASD object. Security is based on cryptographic attributes of the objects, and the objects are static. That is, a file object is created when the file is created and exists as long as the file exists. Furthermore, objects are inherently supported at the device level and each is therefore limited by the device with which the object is associated.
Since each file has an associated object, the client applications that access the files must be programmed to handle the objects. Thus, a major software upgrade may be required to implement a NASD-based system with existing client applications. In addition, enforcing security at the file level may create excess system overhead through encryption and key management.
A system and method that address the aforementioned problems, as well as other related problems, are therefore desirable.